﻿using System.Data;
using CodeCrawler.UI.Data;
using OWASP.CodeReview.CodeCrawler.Enums;
using OWASP.CodeReview.CodeCrawler.Engine;


namespace OWASP.CodeReview.CodeCrawler.Common
{
    public class Objects
    {
        public DataTable CreateThreatListStructure()
        {
            DataTable currentThreatListTable = new DataTable("OWASP_Code_Crawler_Table");
            System.Data.DataColumn threat_c1 = new DataColumn("Line", typeof(int));
            System.Data.DataColumn threat_c2 = new DataColumn("Code", typeof(string));
            System.Data.DataColumn threat_c3 = new DataColumn("Level", typeof(int));
            System.Data.DataColumn threat_c4 = new DataColumn("Description", typeof(string));
            System.Data.DataColumn threat_c5 = new DataColumn("Line", typeof(int));

            currentThreatListTable.Columns.Add(threat_c1);
            currentThreatListTable.Columns.Add(threat_c2);
            currentThreatListTable.Columns.Add(threat_c3);
            currentThreatListTable.Columns.Add(threat_c4);
            currentThreatListTable.Columns.Add(threat_c5);

            return currentThreatListTable;
        }

        /// <summary>
        /// This method will take as the current string
        /// and try to match it against the owasp database
        /// if there's a positive, then put it in the list
        /// </summary>
        /// <param name="Pattern">The line of code the program is reading</param>
        /// <returns></returns>
        protected Threat ThreatRecognise(string Pattern)
        {
            CodeCrawlerXMLDatabase databaseHelper               = new CodeCrawlerXMLDatabase();
            DataSet CodeCrawlerDataBaseRappresentation  = databaseHelper.InizializeCodeCrawlerDatabase();

            Threat threat = new Threat();

            if (CodeCrawlerDataBaseRappresentation != null && CodeCrawlerDataBaseRappresentation.Tables[0] != null)
            {
                foreach (DataRow PossibleVulnerableCode in CodeCrawlerDataBaseRappresentation.Tables[0].Rows)
                {
                    if (Pattern.ToLower().Contains(PossibleVulnerableCode[0].ToString().ToLower()))
                    {
                        threat.Description = PossibleVulnerableCode[1].ToString();
                        threat.Level = (ThreatLevel)int.Parse(PossibleVulnerableCode[3].ToString());
                        threat.IsExploitable = false;       // TODO
                        return threat;
                    }
                }
            }
            return threat;
        }
    }
}